show password option

[spc3rd]

Hi johnwrites,

Thank you for your suggestion and the attached screenshot.

I see (from past topic posts), the "reveal password" and "password hint" options were brought up in 2014 and in 2012. (Link to the 2012 topic is shown below for reference).

http://www.esumsoft.com/Forums/viewtopi ... 654#p25654

As I recall, there were some concerns expressed, however Jeff indicated he would consider the suggestion you made at that time.

As the software developer, Jeff can better address this subject than I, (especially given the nature of it & time interval involved). He should be stopping by the Forums later and can provide additional feedback.

Thanks again for your suggestion - and the nicely-edited screenshot!

[mjs]

Hi johnwrites,

I thought I'd mention that I actually have literally 293 different passwords for all types of accounts e.g. memberships, store accounts, credit card accounts, forums, blogs, banks etc., and of course email accounts.

What I do is keep a hidden (so no one can even see the file) and encrypted password protected (Excel) file for all of these userID's and passwords. It's admittedly a nuisance to have to enter a password for this file to get to all of my other passwords, but for me worth the inconvenience for the sake of added security for my laptop that requires a password as well.

Certainly if this suggestion were implemented in POP Peeper the function itself would have to be password protected in my opinion.

And of course one has to consider the possibility of someone losing a portable device or for that matter just letting someone use a person's portable device temporarily that would make it that much easier for a device getting into the wrong hands of someone who might attempt to crack a "master" password that POP Peeper would presumably have to have to enable the password display function. Btw, since you referenced using a password revealer app; with portable devices in mind, I would not recommend having password revealing software that you have mentioned you sometimes use on anything other than minimally a desktop setup (I've admittedly used a password reveal app on my password protected desktop in the past however).

All of this is why people use password protected password manager apps for example of which there are many to choose from including many that are FREE, e.g. here is a link to a webpage titled: Five free and secure password management apps of which there are of course many others as well. (and of course there are others that can be paid for, e.g. Forgot Your Password? Use These 8 Apps to mention just a few)

In the past I have used a password app that I wrote myself for many years, but in recent years have opted to a hidden password protected file to keep things simpler and I feel that with a hidden file it's one more level of protection as the encrypted file needs an additional password to even unhide the password protected file itself before it can even be observable as opposed to using a Password Manager app that can be targeted by unscrupulous people that might look for ways to crack.

[Gainer]

Hi

The subject of Password-Reveal for Pop Peeper seem to have been discussed for many years. Other than the developers actual work/coding, the whole things seems to me as a Risk vs Benefit (Convenience) issue. The Pro's and Con's / Risks and Benefits have been discussed by users, Jeff and moderators at length. Points taken on all sides.

How much and what kind of Risk is decided by the individual. Heck, waking up in the morning and opening any browser or email is a (big) risk to start with. Each of us "protects" our self by means we understand and can afford (time and money). I manage upward to 75 email accounts and on the North side of 500 passwords (all in an encrypted password manager) for various local and on-line activities. I manage 10 times that for other folks.

I think we all have to admit that "everything most likely, can be hacked". I'm not a programmer, but isn't the password stored in some fashion, on my hard drive or thumb drive already... to authenticate against my email hosted account?

If the quality of programming used to provide a Password-Reveal is as good as in the past development of Pop Peeper, I'm all in. Encrypted would seem to be the answer. As a layman, I an not trying to over-simplify, but isn't this type of "security thing" done every day? The programmer cannot secure every possible lack of proper procedures a use may do.

Again, Risk/Benefit. This Password-Reveal seems to be a big enough issue over the years, and brought up again. I feel we as users (or at least myself) want to get past the "maybe, sometime, possibly in the future". I am not trivializing anything the program/programmer(s) need to go through to provide a secure program

In the Risk/Benefit arena there is also the Reward part. If the developer does a supreme job, I should think it would be a simple thing to say this "feature" is available in the PRO version ONLY (and I suggest UP the price $10.00USD). He needs to be on the Reward side, big time, so pony-up all you password-revealers.

Hey, Jeff, email everybody in the forum and ask them... "Do you want/need Password-Reveal? Enough to buy the (increased priced?) Pro Version?" Then tell us what you found out and what you will do (or not) and when.

Thank you for a great product!!

[Jeff]

I think we all have to admit that "everything most likely, can be hacked". I'm not a programmer, but isn't the password stored in some fashion, on my hard drive or thumb drive already... to authenticate against my email hosted account?

That's certainly true. POP Peeper does have to store the password and does so with encryption. But a password revealer would be easier to use than hacking it; although, I guess that also depends on the intention.

However, that is one advantage of OAuth2 -- the password isn't used and POP Peeper doesn't need to store your password. Unfortunately, OAuth2 will never see wide-spread use because it's not meant to be universal -- an email client has to provide specific support for each server. This gives giants like GMail and Hotmail a distinct advantage over smaller services, but I'm getting off-topic...

This Password-Reveal seems to be a big enough issue over the years, and brought up again.

Yes... but it's one of those things that you may only see the value of when you actually need it (kind of like car insurance -- how many people would pay for it if it wasn't legally required except people who have been in an accident and didn't have insurance...). I don't think that most people would see "password reveal" as value-added and could have the opposite effect. One of the first hard parts would be designing it in such a way that would accommodate the different types of users. For example:
1) people who just don't care either way (e.g. the current implementation)
2) people who would prefer that the passwords are permanently obscured (no 1st or 3rd party revealer)
3) people who want 1st-party reveal but not 3rd-party (ie. what's being discussed).
Considering the distinction between #2 and #3 would require some layer of password protection to prevent the setting from being changed without proper authentication. This is probably the biggest headache and part of the reason I'm loathe to go forward with this setting at all.

As it is now, you can use a 3rd party password revealer if necessary and you can use PP's password protection if the idea of that 3rd party password revealer concerns you...

[pop_pepper]

for a work around do what i do, put a password hint in your email account name, just remember to update it if you change your password.

in my email account name I put

(email address) (password hint)

I also use colours in my passwords, I use the colours in pop peeper to reflect the password. this is good because if i'm in pop peeper and i have to sign in directly to the account i have a hint immediately what the colour is. I know some might think that dangerous, but i have a colours words and number in my password hint, there is no possibly way anyone with access to my pop peeper could identify the passwords.

i asked about having a password hint box as well. I can understand why they don't have it. I would prefer a notes box, that way you could type what you wanted, its up to the user i feel to keep their passwords secure and no responsibility should fall on Pop peeper.

[Jeff]

pop_pepper's work-around is an interesting one. I was looking through the pages to see if there's a different approach -- on the "advanced" page, you could use the "email client" text box if you don't otherwise use it. Off the top of my head, I can't think of any consequences it would have if you don't use it. That being said, the email client field is not encrypted (nor is the account name), so using a "password hint" like pop_pepper suggested is better than using the actual password.

The idea of a notes field has been kicked around before, too. And that's something I would very likely use myself. hmmm.... Let me think about this. Thanks for the reminder, pop_pepper!

[Jeff]

I almost forgot to mention --

Coming soon in v4.3 (beta 5)

[pop_pepper]

brilliant, please see my private message, about pressing links from poppeeper thanks jeff, and thanks for this option, it's going to be invaluable

[Jeff]

POP Peeper v4.3 Beta 5 is now available that supports the notes feature:
http://www.esumsoft.com/pop-peeper-beta/

As for your link issue (guess I missed that before) -- either your default webbrowser is not setup correctly or the webbrowser is specified incorrectly in POP Peeper:
main menu: Tools / Pptweaker / Misc2 page ("browser..." is on the very bottom)
if it's already blank, it means your browser isn't setup correctly. You'll need to go into your browser and reset it as the default.